Operating System and Computer Security

Computer Security

• Protection of the items you value-assets(hardware,software,data,people,processes) of a computer

or computer system.
The Security Triad (C.I.A Triad)
a model designed to guide policies for information security within an
organization.
• Confidentiality
o The ability of a system to ensure that an asset is viewed
only by authorized parties
• Integrity
o The ability of a system to ensure that an asset is
modified only by authorized parties
• Availability
o The ability of a system to ensure that an asset can be
used by any authorized parties

Computer security
The collection of tools designed to protect data and to thwart hackers
Network security
Measures to protect data during their transmission
Internet security
Measures to protect data during their transmission over an internet
Vulnerability
Weak point in a system where a threat can sneak in
Threat
A potential damage that can be materialized through some flaw in the system
Risk
The probability of a threat being materialized by exploiting a vulnerability
Control
Any procedure that is in place to assure security of a system

Attack, services and mechanisms

• Security attack: any action that compromises the security of information.

• Security mechanism: A mechanism that is designed to detect, prevent or recover from a security
attack. (cryptographic techniques)
• Security service: A service that enhances the security of data processing system and information
transfers. (Encryption)
OSI (Open System Interconnection) Security Architecture

• ITU-T (International Telecommunication Union)

• This useful if abstract, overview of concepts we will study.
Security Services (X.800)
X800 defines it as: a service provided by a protocol layer of communicating open system, which ensures
adequate security of the systems or of data transfers
RFC 2828 defines it as: a processing or communication service provided by a system to give a specific kind
of protection to system resources.
X.800 services defines it in 5 major categories

• Authentication
o Assurance that the communicating entity is the is the one claimed
• Access control
o Prevention of the unauthorized use of a resource (preventing misuse of resources)
• Data confidentiality
o Protection of data from unauthorized disclosure (privacy)
• Data Integrity
o Assurance that data received is as sent by an authorized entity (has not been altered)
• Non-repudiation
o Protection against denial by one of the parties in a communication (the order is final)
Security Mechanisms (X.800)
Mechanisms Technical tools and techniques that are used to implement security services (how is the
implement security services)

• Specific security mechanisms

corporated with appropriate protocol layer in order to provide some of the OSI security
services.

o Encipherment
▪ Using Encryption and decryption algorithm (cryptography)
o Digital signatures
o Data integrity
▪ Check the message is modified or not (check value)
o Authentication exchange,
o Traffic padding
▪ Unwanted data include to message
o Routing control
▪ Change path time to time
o Notarization
 • Pervasive security mechanisms
Mechanisms that are not specific to any particular OSI security service or protocol layer
o Trusted functionality
o Security label
o Event detection
o Security audit trail
o Security recovery

Security Attack (X.800)

• Passive attacks
Unauthorized party monitors network. Type of passive attack
➢ Eavesdrop
➢ Traffic Analysis
• Active attacks
Unauthorized party modification to data. Type of active attacks
➢ Masquerade(impostors)
➢ Replay previous messages
➢ Modify messages in transit
➢ DoS(Denial of service)